Blocking access to Postfix SMTP service by ASN

February 27, 2023    Blog Post

An autonomous system (AS) is a large network or group of networks that has a unified routing policy.

This is a very simple plugin for the Postfix SMTP server that blocks access to the service from IPs announced by the listed autonomous system numbers (ASNs).

This script uses the https://ipinfo.io API with a free account. If you run a busy SMTP server, you may need to buy a paid plan.

Why this plugin has been created

I’m running a small SMTP server to host my personal emails. For the past two months, my server has been bombarded daily by connections from spam servers hosted by LayerHost, and the company hasn’t reacted to any abuse notification. I know that blocking an entire network block belonging to a hosting company may be drastic, but it works for me and may work for you.

Installation & configuration

  • Clone the repository into the /opt directory
    git clone https://github.com/monsoft/asnblocker.git
    
  • Install the curl and jq applications on your system
    Debian/Ubuntu:
    sudo apt install -y curl jq

    Red Hat/CentOS/Rocky Linux/AlmaLinux:
    sudo dnf install -y curl jq
    
  • Create an account on the https://ipinfo.io website and copy the API token.
  • Set the TOKEN variable in the asnblocker.sh script.
  • Add the list of AS numbers (one number per line) to the asn_list.txt file.
  • Add the lines below to the end of the Postfix master.cf file (the second line is a continuation and must start with whitespace):
    asnblocker   unix  -       n       n       -       0       spawn
      user=asnblocker argv=/opt/asnblocker/asnblocker.sh
    
  • Add the line below to the Postfix main.cf file under smtpd_client_restrictions:
    smtpd_client_restrictions =
        ...
        check_policy_service unix:private/asnblocker
    
  • Create a system user and group:
    sudo adduser --quiet --system --group --no-create-home --home /nonexistent asnblocker
    
  • Restart the Postfix service
  • Check your Postfix logs
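
The master.cf and main.cf entries above make Postfix talk to the script over its policy-delegation protocol. The handler below is an added example in POSIX sh, not the asnblocker.sh from the repository, showing that request/reply exchange with a fail-open ASN check. The function names, the `--serve` argument, the `AS64500`-style list format and the reliance on the ipinfo.io JSON `org` field starting with the AS number are assumptions.

```shell
#!/bin/sh
# Added example: Postfix policy-delegation handler (not the project's asnblocker.sh).
ASN_LIST="${ASN_LIST:-/opt/asnblocker/asn_list.txt}"  # assumed format: AS64500, one per line
TOKEN="${TOKEN:-REPLACE_WITH_TOKEN}"                  # ipinfo.io API token (placeholder)

# Resolve an IP to its AS number. Assumes the ipinfo.io JSON "org" field
# starts with the AS number, e.g. "AS64500 Example Net".
lookup_asn() {
    curl -s --max-time 5 "https://ipinfo.io/$1/json?token=${TOKEN}" \
        | jq -r '.org // empty' 2>/dev/null | awk '{print $1}'
}

# Handle one request: Postfix sends name=value lines ended by an empty line
# and expects "action=..." followed by an empty line.
# Returns 1 at EOF (Postfix closed the connection).
policy_reply() {
    client="" complete=0
    while IFS= read -r line; do
        if [ -z "$line" ]; then complete=1; break; fi
        case "$line" in
            client_address=*) client="${line#client_address=}" ;;
        esac
    done
    [ "$complete" -eq 1 ] || return 1
    # Only IPv4/IPv6 characters may reach the lookup URL.
    case "$client" in *[!0-9A-Fa-f.:]*) client="" ;; esac
    asn=""
    if [ -n "$client" ]; then asn="$(lookup_asn "$client")"; fi
    # Fail open: a failed lookup or unlisted ASN defers to later restrictions.
    if [ -n "$asn" ] && grep -qixF -- "$asn" "$ASN_LIST" 2>/dev/null; then
        printf 'action=REJECT Access denied, %s is blocked\n\n' "$asn"
    else
        printf 'action=DUNNO\n\n'
    fi
}

# Hypothetical --serve argument: answer requests until Postfix disconnects.
if [ "${1:-}" = "--serve" ]; then
    while policy_reply; do :; done
fi
```

To run this example from the master.cf entry above, `--serve` would have to be appended to `argv`.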

Obtaining AS number

The easiest way to get the AS number of a network that you want to block is to use the whois service:

whois ip_address | grep "^OriginAS:"

OriginAS:       ASxxxxx

or you can use websites like https://who.is